Analysis and Detection of CLOUD#REVERSER: An Attack Involving Threat Actors Compromising Systems Using A Sophisticated Cloud-Based Malware
Essential information
- Published
- 22/05/2024 07:39
- Modified
- 22/05/2024 07:54
- Tags
- 2024-05-22 cloud cloud#reverser phishing powershell vbscript
- Related entities
- 16 observables, 10 techniques (mitre), 1 malware
Description
Securonix Threat Research has uncovered a sophisticated malware campaign, dubbed CLOUD#REVERSER, that leverages popular cloud storage services like Google Drive and Dropbox for malware delivery, command execution, and data exfiltration. The infection chain starts with a phishing email containing a malicious zip attachment disguised as a Microsoft Office document. The malware employs various obfuscation techniques, including VBScript and PowerShell stages, to establish persistence, communicate with attacker-controlled servers, and dynamically fetch additional payloads. The threat actors utilize cloud platforms as conduits for executing commands and exfiltrating sensitive data while blending into normal network traffic.